127 replies to this topic

[caewe12]

Was infected by System Check. Ran my Malwarebytes disc but wasn't working (in safe mode w/networking). Still in safemode searched for mybleepingcomputer and was redirected. Suddenly Internet Security adware was "running a scan". Tried Malwarebytes disc multiple times it found 6 infected files but wasn't removing them. Downloaded Spybot, ran it, and then found some of the exe files and used File Assassin to delete them. I'm don't think my computer is clean. I'm getting redirected when I use my search engine. My desktop is gone and only some of my programs show up in "All Programs". I only know enough to be dangerous. Help. Thank you. CAE

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Ekenbarger's at 17:33:30 on 2012-02-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1774 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\dlcccoms.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cox.net/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\spybot~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Bomgar Support Reconnect [1297805904]] "c:\documents and settings\all users\application data\bomgar-scc-4d5af24f\bomgar-scc.exe" -nomulti
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Internet Security] c:\documents and settings\all users\application data\isecurity.exe
uRun: [SpybotSD TeaTimer] f:\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [HostManager] c:\program files\common files\aol\1178326658\ee\AOLSoftware.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [wgjpPXjtqGl.exe] c:\documents and settings\all users\application data\wgjpPXjtqGl.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search - http://tbedits.coupo...2D&n=2011081120
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\spybot~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\www.update
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www6.iepdirect.com/ScriptX_6_5/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://e-talk1.whps.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} : DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/html - {ebf6bf89-93f4-4e89-8fc4-7ead60359ba4} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:\windows\system32\gebBSLDU
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\ekenbarger's\application data\mozilla\firefox\profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: Coupons.com Community Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - %profile%\extensions\{37153479-1976-43c3-a1ee-557513977b64}
FF - Ext: WinZipBar Community Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - %profile%\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
.
============= SERVICES / DRIVERS ===============
.
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2006-5-21 34916]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-10 5120]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-18 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-18 40552]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2012-01-11 14:32:02 21504 ---ha-w- c:\windows\system32\hidserv.dll
2012-01-11 14:32:02 21504 ---ha-w- c:\windows\system32\dllcache\hidserv.dll
.
==================== Find3M ====================
.
2011-12-26 20:43:04 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys
.
============= FINISH: 17:40:28.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2005 7:58:34 PM
System Uptime: 2/6/2012 9:16:35 PM (20 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 103.037 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 412.815 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1053: 11/10/2011 3:43:33 PM - System Checkpoint
RP1054: 11/11/2011 4:16:15 PM - System Checkpoint
RP1055: 11/12/2011 4:38:30 PM - System Checkpoint
RP1056: 11/13/2011 5:01:46 PM - System Checkpoint
RP1057: 11/14/2011 5:55:33 PM - System Checkpoint
RP1058: 11/15/2011 6:37:23 PM - System Checkpoint
RP1059: 11/16/2011 6:42:58 PM - System Checkpoint
RP1060: 11/17/2011 6:43:32 PM - System Checkpoint
RP1061: 11/18/2011 7:29:00 PM - System Checkpoint
RP1062: 11/19/2011 9:13:51 PM - System Checkpoint
RP1063: 11/21/2011 3:10:22 PM - System Checkpoint
RP1064: 11/22/2011 3:51:46 PM - System Checkpoint
RP1065: 11/23/2011 4:46:20 PM - System Checkpoint
RP1066: 11/24/2011 5:50:36 PM - System Checkpoint
RP1067: 11/25/2011 6:44:05 PM - System Checkpoint
RP1068: 11/26/2011 6:47:42 PM - System Checkpoint
RP1069: 11/27/2011 7:51:01 PM - System Checkpoint
RP1070: 11/28/2011 8:46:52 PM - System Checkpoint
RP1071: 11/29/2011 8:57:54 PM - System Checkpoint
RP1072: 11/30/2011 9:04:19 PM - System Checkpoint
RP1073: 12/1/2011 9:35:17 PM - System Checkpoint
RP1074: 12/2/2011 9:36:43 PM - System Checkpoint
RP1075: 12/3/2011 10:47:56 PM - System Checkpoint
RP1076: 12/5/2011 7:27:06 AM - System Checkpoint
RP1077: 12/6/2011 1:25:45 PM - System Checkpoint
RP1078: 12/7/2011 1:35:34 PM - System Checkpoint
RP1079: 12/8/2011 2:13:08 PM - System Checkpoint
RP1080: 12/9/2011 5:10:56 PM - System Checkpoint
RP1081: 12/10/2011 6:40:55 PM - System Checkpoint
RP1082: 12/12/2011 5:56:36 AM - System Checkpoint
RP1083: 12/13/2011 6:30:37 AM - System Checkpoint
RP1084: 12/14/2011 7:33:17 AM - System Checkpoint
RP1085: 12/15/2011 8:33:17 AM - System Checkpoint
RP1086: 12/16/2011 9:33:17 AM - System Checkpoint
RP1087: 12/17/2011 9:54:47 AM - System Checkpoint
RP1088: 12/18/2011 10:33:17 AM - System Checkpoint
RP1089: 12/19/2011 11:33:17 AM - System Checkpoint
RP1090: 12/20/2011 12:33:17 PM - System Checkpoint
RP1091: 12/21/2011 1:45:20 PM - System Checkpoint
RP1092: 12/22/2011 2:33:20 PM - System Checkpoint
RP1093: 12/23/2011 3:33:20 PM - System Checkpoint
RP1094: 12/24/2011 3:51:20 PM - System Checkpoint
RP1095: 12/25/2011 4:32:06 PM - System Checkpoint
RP1096: 12/26/2011 12:25:53 PM - Installed %1 %2.
RP1097: 12/26/2011 12:28:35 PM - Restore Point before Corrupt Patch Registry keys
RP1098: 12/26/2011 12:46:43 PM - Installed Windows XP KB942288-v3.
RP1099: 12/26/2011 1:06:41 PM - Removed iTunes
RP1100: 12/26/2011 3:05:16 PM - Removed iTunes
RP1101: 12/26/2011 3:54:36 PM - Installed WinZip 16.0
RP1102: 12/26/2011 4:32:07 PM - Removed WinZip 16.0
RP1103: 12/26/2011 4:32:55 PM - Removed WinZip Courier
RP1104: 12/26/2011 4:33:57 PM - Removed Kaspersky Security Scan
RP1105: 12/26/2011 6:23:50 PM - Removed QuickTime
RP1106: 12/26/2011 6:28:35 PM - Installed QuickTime
RP1107: 12/26/2011 6:46:10 PM - Installed iTunes
RP1108: 12/27/2011 7:44:30 PM - System Checkpoint
RP1109: 12/28/2011 8:43:59 PM - System Checkpoint
RP1110: 12/29/2011 8:45:04 PM - System Checkpoint
RP1111: 12/30/2011 9:23:11 PM - System Checkpoint
RP1112: 12/31/2011 10:35:40 PM - System Checkpoint
RP1113: 1/11/2012 9:52:55 AM - System Checkpoint
RP1114: 1/12/2012 10:15:07 AM - System Checkpoint
RP1115: 1/13/2012 11:09:37 AM - System Checkpoint
RP1116: 1/14/2012 12:17:57 PM - System Checkpoint
RP1117: 1/15/2012 1:12:01 PM - System Checkpoint
RP1118: 1/16/2012 3:24:39 PM - System Checkpoint
RP1119: 1/17/2012 3:48:45 PM - System Checkpoint
RP1120: 1/18/2012 4:43:25 PM - System Checkpoint
RP1121: 1/19/2012 4:56:34 PM - System Checkpoint
RP1122: 1/20/2012 5:35:59 PM - System Checkpoint
RP1123: 1/21/2012 6:56:04 PM - System Checkpoint
RP1124: 1/22/2012 7:26:15 PM - System Checkpoint
RP1125: 1/23/2012 7:28:35 PM - System Checkpoint
RP1126: 1/24/2012 8:15:34 PM - System Checkpoint
RP1127: 1/25/2012 9:06:56 PM - System Checkpoint
RP1128: 1/26/2012 10:03:10 PM - System Checkpoint
RP1129: 1/27/2012 10:49:47 PM - System Checkpoint
RP1130: 1/28/2012 11:45:06 PM - System Checkpoint
RP1131: 1/30/2012 12:38:22 AM - System Checkpoint
RP1132: 1/31/2012 1:32:38 AM - System Checkpoint
RP1133: 2/1/2012 2:26:58 AM - System Checkpoint
RP1134: 2/2/2012 2:57:57 AM - System Checkpoint
RP1135: 2/3/2012 3:53:44 AM - System Checkpoint
RP1136: 2/4/2012 4:51:44 AM - System Checkpoint
RP1137: 2/5/2012 5:45:10 AM - System Checkpoint
RP1138: 2/6/2012 6:39:41 AM - System Checkpoint
RP1139: 2/6/2012 4:31:41 PM - Restore Operation
RP1140: 2/6/2012 4:32:38 PM - Restore Operation
RP1141: 2/6/2012 8:29:24 PM - Removed Bonjour
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI Control Panel
ATI Display Driver
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource
DAO 3.5
DB CIF Cam
Dell Media Experience
Dell Photo AIO Printer 924
Dell Picture Studio v3.0
Dell Support 3.2.1
Dell System Restore
EA Download Manager
EarthLink setup files
FoneSync
Get High Speed Internet!
GIMP 2.6.6
Google Chrome
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 24
Jimmy Neutron Boy Genius
LiveUpdate 3.2 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Picture It! Publishing 2001
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Napster
Napster Burn Engine
NetZeroInstallers
NickToons Racing
Nikon Message Center
Norton Ghost
Pdf995
PdfEdit995
Photo Click
PictureProject
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Quicken Basic 2000
QuickTime
Rayman Raving Rabbids
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
ShopAtHome.com Toolbar
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
SPORE™
SPORE™ Galactic Adventures
Spybot - Search & Destroy
TaxCut Basic 2006
Type to Learn 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/6/2012 8:29:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/6/2012 4:36:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/6/2012 4:31:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
2/6/2012 4:30:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2012 5:59:11 AM, error: Dhcp [1002] - The IP address lease 68.1.168.30 for the Network Card with network address 00123F758368 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/1/2012 5:58:41 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================

[Maurice Naggar]

Hello caedwe12,

Make sure you do not do any changes/ adds/ deletes of programs or settings, or get any tools on your own. Make no changes on your own. Always check with me first if you have questions.

Now, make sure you have saved all your work before you begin, and close your open apps.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<

• Double-click FixPolicies.exe.
  
• Click the "Install" button on the bottom toolbar of the box that will open.
  
• The program will create a new Folder called FixPolicies.
  
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  
• A black box will briefly appear and then close.
  
• This fix may prove temporary. Active malware may revert these changes at your next startup.

Note: If using Firefox right-click on any download links and choose Save As
Save both files to the same place ---- the Desktop.

Please download from here >> OTH << and SAVE to the Desktop

Please download from here >> OTL << and SAVE to the Desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.
IF you are running Vista or Windows 7, then do a Right-click on OTH and select Run As Administrator to start.



Once OTH has started, click on Start OTL. OTL will now start.

• Do the following in OTL:
  
• In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  
• Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  
• When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
  
• Follow the onscreen instructions inside of the command window.
  
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

• Back in OTH:
  Click the Internet Explorer button. Go to this forum & login & return to this topic.
  Copy & Paste the ATTACH, EXTRAS, & Checkup logs into your reply here.

[caewe12]

Ran Security Check but notepad did not pop up. Couldn't find Checkup logs. Should I run it again? Thanks. CAE

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2005 7:58:34 PM
System Uptime: 2/6/2012 9:16:35 PM (20 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 103.037 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 412.815 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1053: 11/10/2011 3:43:33 PM - System Checkpoint
RP1054: 11/11/2011 4:16:15 PM - System Checkpoint
RP1055: 11/12/2011 4:38:30 PM - System Checkpoint
RP1056: 11/13/2011 5:01:46 PM - System Checkpoint
RP1057: 11/14/2011 5:55:33 PM - System Checkpoint
RP1058: 11/15/2011 6:37:23 PM - System Checkpoint
RP1059: 11/16/2011 6:42:58 PM - System Checkpoint
RP1060: 11/17/2011 6:43:32 PM - System Checkpoint
RP1061: 11/18/2011 7:29:00 PM - System Checkpoint
RP1062: 11/19/2011 9:13:51 PM - System Checkpoint
RP1063: 11/21/2011 3:10:22 PM - System Checkpoint
RP1064: 11/22/2011 3:51:46 PM - System Checkpoint
RP1065: 11/23/2011 4:46:20 PM - System Checkpoint
RP1066: 11/24/2011 5:50:36 PM - System Checkpoint
RP1067: 11/25/2011 6:44:05 PM - System Checkpoint
RP1068: 11/26/2011 6:47:42 PM - System Checkpoint
RP1069: 11/27/2011 7:51:01 PM - System Checkpoint
RP1070: 11/28/2011 8:46:52 PM - System Checkpoint
RP1071: 11/29/2011 8:57:54 PM - System Checkpoint
RP1072: 11/30/2011 9:04:19 PM - System Checkpoint
RP1073: 12/1/2011 9:35:17 PM - System Checkpoint
RP1074: 12/2/2011 9:36:43 PM - System Checkpoint
RP1075: 12/3/2011 10:47:56 PM - System Checkpoint
RP1076: 12/5/2011 7:27:06 AM - System Checkpoint
RP1077: 12/6/2011 1:25:45 PM - System Checkpoint
RP1078: 12/7/2011 1:35:34 PM - System Checkpoint
RP1079: 12/8/2011 2:13:08 PM - System Checkpoint
RP1080: 12/9/2011 5:10:56 PM - System Checkpoint
RP1081: 12/10/2011 6:40:55 PM - System Checkpoint
RP1082: 12/12/2011 5:56:36 AM - System Checkpoint
RP1083: 12/13/2011 6:30:37 AM - System Checkpoint
RP1084: 12/14/2011 7:33:17 AM - System Checkpoint
RP1085: 12/15/2011 8:33:17 AM - System Checkpoint
RP1086: 12/16/2011 9:33:17 AM - System Checkpoint
RP1087: 12/17/2011 9:54:47 AM - System Checkpoint
RP1088: 12/18/2011 10:33:17 AM - System Checkpoint
RP1089: 12/19/2011 11:33:17 AM - System Checkpoint
RP1090: 12/20/2011 12:33:17 PM - System Checkpoint
RP1091: 12/21/2011 1:45:20 PM - System Checkpoint
RP1092: 12/22/2011 2:33:20 PM - System Checkpoint
RP1093: 12/23/2011 3:33:20 PM - System Checkpoint
RP1094: 12/24/2011 3:51:20 PM - System Checkpoint
RP1095: 12/25/2011 4:32:06 PM - System Checkpoint
RP1096: 12/26/2011 12:25:53 PM - Installed %1 %2.
RP1097: 12/26/2011 12:28:35 PM - Restore Point before Corrupt Patch Registry keys
RP1098: 12/26/2011 12:46:43 PM - Installed Windows XP KB942288-v3.
RP1099: 12/26/2011 1:06:41 PM - Removed iTunes
RP1100: 12/26/2011 3:05:16 PM - Removed iTunes
RP1101: 12/26/2011 3:54:36 PM - Installed WinZip 16.0
RP1102: 12/26/2011 4:32:07 PM - Removed WinZip 16.0
RP1103: 12/26/2011 4:32:55 PM - Removed WinZip Courier
RP1104: 12/26/2011 4:33:57 PM - Removed Kaspersky Security Scan
RP1105: 12/26/2011 6:23:50 PM - Removed QuickTime
RP1106: 12/26/2011 6:28:35 PM - Installed QuickTime
RP1107: 12/26/2011 6:46:10 PM - Installed iTunes
RP1108: 12/27/2011 7:44:30 PM - System Checkpoint
RP1109: 12/28/2011 8:43:59 PM - System Checkpoint
RP1110: 12/29/2011 8:45:04 PM - System Checkpoint
RP1111: 12/30/2011 9:23:11 PM - System Checkpoint
RP1112: 12/31/2011 10:35:40 PM - System Checkpoint
RP1113: 1/11/2012 9:52:55 AM - System Checkpoint
RP1114: 1/12/2012 10:15:07 AM - System Checkpoint
RP1115: 1/13/2012 11:09:37 AM - System Checkpoint
RP1116: 1/14/2012 12:17:57 PM - System Checkpoint
RP1117: 1/15/2012 1:12:01 PM - System Checkpoint
RP1118: 1/16/2012 3:24:39 PM - System Checkpoint
RP1119: 1/17/2012 3:48:45 PM - System Checkpoint
RP1120: 1/18/2012 4:43:25 PM - System Checkpoint
RP1121: 1/19/2012 4:56:34 PM - System Checkpoint
RP1122: 1/20/2012 5:35:59 PM - System Checkpoint
RP1123: 1/21/2012 6:56:04 PM - System Checkpoint
RP1124: 1/22/2012 7:26:15 PM - System Checkpoint
RP1125: 1/23/2012 7:28:35 PM - System Checkpoint
RP1126: 1/24/2012 8:15:34 PM - System Checkpoint
RP1127: 1/25/2012 9:06:56 PM - System Checkpoint
RP1128: 1/26/2012 10:03:10 PM - System Checkpoint
RP1129: 1/27/2012 10:49:47 PM - System Checkpoint
RP1130: 1/28/2012 11:45:06 PM - System Checkpoint
RP1131: 1/30/2012 12:38:22 AM - System Checkpoint
RP1132: 1/31/2012 1:32:38 AM - System Checkpoint
RP1133: 2/1/2012 2:26:58 AM - System Checkpoint
RP1134: 2/2/2012 2:57:57 AM - System Checkpoint
RP1135: 2/3/2012 3:53:44 AM - System Checkpoint
RP1136: 2/4/2012 4:51:44 AM - System Checkpoint
RP1137: 2/5/2012 5:45:10 AM - System Checkpoint
RP1138: 2/6/2012 6:39:41 AM - System Checkpoint
RP1139: 2/6/2012 4:31:41 PM - Restore Operation
RP1140: 2/6/2012 4:32:38 PM - Restore Operation
RP1141: 2/6/2012 8:29:24 PM - Removed Bonjour
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI Control Panel
ATI Display Driver
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource
DAO 3.5
DB CIF Cam
Dell Media Experience
Dell Photo AIO Printer 924
Dell Picture Studio v3.0
Dell Support 3.2.1
Dell System Restore
EA Download Manager
EarthLink setup files
FoneSync
Get High Speed Internet!
GIMP 2.6.6
Google Chrome
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 24
Jimmy Neutron Boy Genius
LiveUpdate 3.2 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Picture It! Publishing 2001
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Musicmatch for Windows Media Player
Napster
Napster Burn Engine
NetZeroInstallers
NickToons Racing
Nikon Message Center
Norton Ghost
Pdf995
PdfEdit995
Photo Click
PictureProject
PowerDVD 5.5
QuickBooks Simple Start Special Edition
Quicken Basic 2000
QuickTime
Rayman Raving Rabbids
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
ShopAtHome.com Toolbar
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
SPORE™
SPORE™ Galactic Adventures
Spybot - Search & Destroy
TaxCut Basic 2006
Type to Learn 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/6/2012 8:29:38 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/6/2012 4:36:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/6/2012 4:31:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
2/6/2012 4:30:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2012 5:59:11 AM, error: Dhcp [1002] - The IP address lease 68.1.168.30 for the Network Card with network address 00123F758368 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/1/2012 5:58:41 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{830D72BE-6132-4A2A-B8DD-7BC8B69A920B} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================

OTL Extras logfile created on: 2/7/2012 7:08:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 74.40% Memory free
3.09 Gb Paging File | 2.69 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.58 Gb Total Space | 103.03 Gb Free Space | 70.77% Space Free | Partition Type: NTFS
Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAO 3.5" = DAO 3.5
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"EADM" = EA Download Manager
"FoneSync" = FoneSync
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Quicken Basic 2000" = Quicken Basic 2000
"RealPlayer 12.0" = RealPlayer
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Shockwave" = Shockwave
"TaxCut Basic 2006" = TaxCut Basic 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 2:17:14 PM | Computer Name = JAM1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19046, fault address 0x000679b8.

Error - 1/28/2012 10:17:22 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/28/2012 10:17:24 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 2/2/2012 5:53:02 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2012 6:32:41 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 7:00:46 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 8:22:43 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 9:21:47 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 9:34:49 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 10:20:01 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

[ System Events ]
Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The Norton Ghost service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The SymSnapService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The dlcc_device service terminated unexpectedly. It has done this
1 time(s).

Error - 2/7/2012 8:08:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the SymSnapService service, but
this action failed with the following error: %%1056


< End of report >

[Maurice Naggar]

Hello CAE,

Look at my prior response http://forums.malwar...ndpost&p=524598

Did you run Fixpolicies?
Did you run OTH as outlined?
I need the 2 logs from OTL the OTL.txt and Extras.txt
and if you can find Checkup.txt that would be good too

I will not need any DDS logs.

Do NOT do any websurfing at all. Just only go to this forum and just the sites I guide you too.
Your Flash Player is out-dated & poses a security risk. Thus absolutely no websurfing.
Your Java is also out-of-date & I think your Firefox as well. We can cover those a bit later. For now, I need the OTL reports and advise me as to your anti-virus program.

[caewe12]

Yes, I did everything you requested in your first response yesterday but didn't let Security Check run long enough. I re-ran everything tonight but didn't get a new OTL.extras log. I am sending the one from yesterday. Sorry I sent the wrong logs. No websurfing but I did have to reboot the computer as I could not open Internet Explorer and my desktop file at the same time with OTH. I have McAfee but Windows says it is turned off. The firewall is on. I also have Malwarebytes but it hasn't been scanning like it used to. Thank you for your help. CAE

OTL.txt log

OTL logfile created on: 2/8/2012 5:47:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 80.77% Memory free
3.09 Gb Paging File | 2.85 Gb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.58 Gb Total Space | 103.01 Gb Free Space | 70.76% Space Free | Partition Type: NTFS
Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr
PRC - [2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr
PRC - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe


========== Modules (No Company Name) ==========

MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll
MOD - [2005/06/06 10:58:38 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\dlcccfg.dll
MOD - [2005/04/01 11:44:16 | 000,061,440 | -H-- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/01/15 07:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/19 20:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 19:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 19:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/12/20 17:13:54 | 000,136,416 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2007/04/16 12:28:02 | 000,194,362 | -H-- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/01/26 12:21:04 | 000,034,686 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/15 02:14:58 | 001,130,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/02 15:12:14 | 000,019,456 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sy@ -- (RDPCDD)
DRV - [2004/06/16 03:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 17:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/03/06 04:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/09/22 13:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 13:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 14:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/03/05 18:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 16:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 19:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1999/09/27 10:48:42 | 000,034,916 | -H-- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WinZipBar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...SearchSource=13"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1
FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0
FF - prefs.js..keyword.URL: "http://search.mywebs...t=kwd="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 16:21:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:23:55 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 18:28:55 | 000,000,000 | -H-D | M]

[2008/12/18 23:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Extensions
[2011/12/26 17:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions
[2010/06/10 15:38:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/11 19:00:55 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/12/26 15:55:10 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
[2011/09/03 08:54:55 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\toolbar@shopathome.com
[2011/12/16 19:41:06 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\conduit.xml
[2011/10/18 15:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml
[2011/10/18 15:04:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/15 18:10:28 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 16:21:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/01/08 09:39:45 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/13 16:52:56 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 16:52:58 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/02/06 20:19:02 | 000,441,060 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15164 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [wgjpPXjtqGl.exe] C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe File not found
O4 - HKCU..\Run: [Bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti File not found
O4 - HKCU..\Run: [Internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: &Search - http://tbedits.coupo...2D&n=2011081120 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www6.iepdire...tX_6_5/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1212869638656 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://e-talk1.whps.org/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\gebBSLDU) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33803d90-0df6-11df-977a-00038a000015}\Shell\AutoRun\command - "" = I:\PMB_Portable.exe
O33 - MountPoints2\{c9f521f1-80d6-11dd-ae4d-0015966fac46}\Shell\AutoRun\command - "" = H:\PMB_Portable.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 19:06:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr
[2012/02/07 19:06:22 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr
[2012/02/07 19:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies
[2012/02/07 17:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Administrative Tools
[2012/02/07 17:24:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr
[2012/02/06 20:34:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ekenbarger's\Recent
[2012/02/06 19:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/06 19:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe
[2012/02/06 19:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/06 14:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\System Check
[2012/01/11 19:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\pics
[2012/01/11 19:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\Cheryl's
[2012/01/11 09:32:02 | 000,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2005/09/16 00:27:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ]
[14 C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp files -> C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/08 17:43:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
[2012/02/08 17:43:03 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
[2012/02/08 17:15:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/08 16:24:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
[2012/02/08 16:15:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 14:54:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/02/07 19:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/07 19:22:05 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 19:14:21 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe
[2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr
[2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr
[2012/02/07 19:01:31 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe
[2012/02/07 17:24:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr
[2012/02/07 17:12:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe
[2012/02/07 16:56:39 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk
[2012/02/07 16:47:51 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk
[2012/02/06 21:23:09 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk
[2012/02/06 20:19:02 | 000,441,060 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk
[2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/06 19:39:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe
[2012/02/06 18:35:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/06 14:52:57 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/04 22:17:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/11 09:30:44 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ]
[14 C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp files -> C:\Documents and Settings\Ekenbarger's\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 19:14:17 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe
[2012/02/07 19:01:30 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\FixPolicies.exe
[2012/02/07 17:12:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe
[2012/02/07 16:56:39 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk
[2012/02/07 16:47:51 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk
[2012/02/07 06:12:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Internet Explorer (2).lnk
[2012/02/06 21:23:09 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk
[2012/02/06 21:19:19 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk
[2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/06 18:27:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/06 14:52:57 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/05/21 09:05:16 | 000,709,456 | -H-- | C] () -- C:\WINDOWS\is-JCNJV.exe
[2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k
[2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k
[2011/05/06 14:29:52 | 000,023,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/03/13 09:09:42 | 000,638,976 | -H-- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2011/03/13 09:09:42 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2011/03/13 09:09:41 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2011/03/13 09:09:41 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2011/03/13 09:09:41 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2011/03/13 09:09:40 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2011/03/13 09:09:40 | 000,368,640 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2011/03/13 09:09:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2011/03/13 09:09:39 | 001,134,592 | -H-- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2011/03/13 09:09:39 | 000,770,048 | -H-- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2011/03/13 09:09:39 | 000,483,328 | -H-- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2011/03/13 09:09:38 | 000,704,512 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2011/03/13 09:09:38 | 000,491,520 | -H-- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2011/03/13 09:09:38 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2011/03/13 09:09:37 | 001,183,744 | -H-- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2011/03/13 09:09:36 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2011/03/13 09:09:35 | 000,430,080 | -H-- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2011/03/13 09:09:35 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2011/03/13 09:09:32 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2011/03/13 09:09:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2011/03/13 09:09:31 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2011/03/13 09:09:25 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2011/02/17 18:00:30 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2010/05/11 06:24:12 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini
[2010/05/11 06:22:51 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\TTL3Util.ini
[2010/05/11 06:22:37 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\TTL3.ini
[2010/01/07 20:19:32 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2008/12/17 20:03:46 | 000,073,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/17 08:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\FoneSync.INI
[2008/09/13 18:00:52 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/02 13:55:05 | 000,000,234 | -H-- | C] () -- C:\WINDOWS\TFF32.ini
[2007/10/13 10:41:53 | 000,101,824 | -H-- | C] () -- C:\Program Files\MC
[2007/08/22 22:41:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/28 14:39:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/28 14:29:32 | 000,000,584 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/04/14 10:55:37 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/14 10:55:17 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/08 19:50:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2006/11/25 18:38:40 | 000,001,827 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/10/01 19:24:21 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Viewer.ini
[2006/05/21 09:25:51 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\qfnonl.ini
[2006/05/21 08:02:13 | 000,000,696 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/21 08:02:12 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\intuprof.ini
[2006/05/21 08:02:10 | 000,006,838 | -H-- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2005/11/03 15:34:18 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/05 18:40:34 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/05 18:40:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\86307A10A8.sys
[2005/09/21 07:41:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\fusioncache.dat
[2005/09/20 19:12:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JPR.{PB
[2005/09/20 19:12:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JCM.{PB
[2005/09/16 00:58:59 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/16 00:50:31 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/16 00:46:43 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/09/16 00:46:43 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI
[2005/09/16 00:46:34 | 000,003,278 | -H-- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/09/16 00:46:34 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/09/16 00:46:29 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/09/16 00:27:14 | 000,060,928 | -H-- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/09/16 00:27:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/09/16 00:27:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/16 00:27:00 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/09/16 00:26:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,351,384 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE
[2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics
[2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0
[2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech
[2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon
[2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw
[2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE
[2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint
[2012/02/08 16:24:21 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

========== Purity Check ==========


< End of report >


OTL Extras log

OTL Extras logfile created on: 2/7/2012 7:08:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 74.40% Memory free
3.09 Gb Paging File | 2.69 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.58 Gb Total Space | 103.03 Gb Free Space | 70.77% Space Free | Partition Type: NTFS
Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 412.81 Gb Free Space | 88.63% Space Free | Partition Type: NTFS

Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"Disable Config" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}" = Microsoft Works Suite Add-in for Microsoft Word
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6C611DD2-2685-4A76-92B5-ECD237128582}" = Type to Learn 3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4375AC9-EDE1-4943-A0E3-801CEB7041DF}" = Dell Support 3.2.1
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DAO 3.5" = DAO 3.5
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"EADM" = EA Download Manager
"FoneSync" = FoneSync
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Jimmy Neutron Boy Genius" = Jimmy Neutron Boy Genius
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"Quicken Basic 2000" = Quicken Basic 2000
"RealPlayer 12.0" = RealPlayer
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Shockwave" = Shockwave
"TaxCut Basic 2006" = TaxCut Basic 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 2:17:14 PM | Computer Name = JAM1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19046, fault address 0x000679b8.

Error - 1/28/2012 10:17:22 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/28/2012 10:17:24 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 2/2/2012 5:53:02 PM | Computer Name = JAM1 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/6/2012 6:32:41 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 7:00:46 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 8:22:43 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 9:21:47 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 9:34:49 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 2/6/2012 10:20:01 PM | Computer Name = JAM1 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

[ System Events ]
Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The Norton Ghost service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The Intel® Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7031
Description = The SymSnapService service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/7/2012 8:07:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7034
Description = The dlcc_device service terminated unexpectedly. It has done this
1 time(s).

Error - 2/7/2012 8:08:46 PM | Computer Name = JAM1 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the SymSnapService service, but
this action failed with the following error: %%1056


< End of report >

Checkup log

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Security Scan Plus
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.2.152.26 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (3.6.16) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

[Maurice Naggar]

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Caewe12 only. If you are a casual viewer, do NOT try this on your system!
If you are not Caewe12 and have a similar problem, do NOT post here; start your own topic


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Your pc has Spybot's Tea Timer on, which normally would be OK, but here while we try to remove malwares, it is NOT desired. It would revert changes that need to be made.
Keep it turned OFF.

Step 1
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode
then select Advanced Mode

On the left hand side, slect Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.

Next, disable McAfee anti-virus. See how-to How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Step 2
Run Fixpolicies: Open the folder C:\Fixpolicies and run the Fix_Policies.cmd (Double click on it to run. It won't take long).

Step 3
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.


Step 4
Your pc DOES have a rogue onboard -- some variant of Internet Security malware.
This next OTL process will require a Reboot/Restart. Please allow it.

• Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  
• Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  *****************************************************************
  :processes
  killallprocesses
  
  :files
  recycler /alldrives
  C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe
  C:\Documents and Settings\All Users\Application Data\isecurity.exe
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Internet Security"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Internet Security 2012"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "wgjpPXjtqGl.exe"=-
  
  :Commands
  [purity]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  
  *****************************************************************
  
• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  
• Close any browser(s) windows that may be open.
  
• Using your mouse, click on the red-lettered button Run Fix.
  
• Once you see a message box "Fix complete! Click OK to open the fix log."
  Click the OK button
  
• The log will open in Notepad (your default text editor).
  
• Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

Step 5
Save and close any work documents, close any apps that you started.

Again, disable the McAfee anti-virus program.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Reply with copy of the OTL MovedFiles log and the MBAM scan log.

RE-enable McAfee anti-virus.

There is more work to do later. The Java runtime is out-dated & poses a security risk, your Firefox is outdated & also Flash Player.
Do NOT do any websurfing of any kind.

[caewe12]

<sup>I completed up to step 5 but could not update Malware. I rec'd messages update failed and access denied. I cannot do anything to McAfee or my firewall. When the computer reboots the icon in the tray show a message states McAfee anti virus off and firewall off but in Windows Security the firewall is on. When I click on it nothing happens. I scanned with Malware but no infected files detected. Help. CAE</sup>

[caewe12]

Please advise. CAE

[Maurice Naggar]

I was called to civic service this past Friday --- jury duty call. FYI, I am back today.

We can cover MBAM update a bit later.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


Step 1

a) Make sure if you opened any apps of yours, that you Exit them.

b) Be sure you are logged in with Admistrator rights account.

c) From Start button, select RUN (or Win-key +R) and in the run-text-box type in

msconfig

and press OK or Enter.

d) You should see the General tab. It should have Normal startup selected (in the radio-box=selection)
IF it does not, then you click on Normal startup.

e) Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

f) Look at the bottom line Hide all Microsoft services
IF and only IF its is checkmarked, then un-check it.

g) the list of servies may be shown in non-alphabetical order, so ....
Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.
You can toggle as needed to get the desired order.


IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !


h) Then using the scroll-bar scroll down the list

Look for Base filtering engine service Is it shown ? Is it checked ?

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

When finished, Exit out of the services console.


Then report back here with details.

If any of the services are not shown, just let me know which. I can guide you to getting them "corrected".

Press Windows Start-key, select Control Panel, then Security Center. Expand the Security block (click the down arrow).
What does it show for Firewall? and other security related lines ?



Please download Listparts
RIGHT-Click on it and select Run As Administartor" to Run the tool, click Scan and Attach the log (Result.txt) it makes.


I will need a Copy of the contents of OTLMOvedFiles log,
the results from MSCONFIG review,
the Result.txt log

[caewe12]

Glad you're back...was worried this was hopeless. Reporting back on the "Services" tab. Did not do anything beyond that yet.

Base filtering - not shown

Ipsec Policy Agent - shown as ISPEC Services was checked

Remote Procedure Call (RPC) Locator - was shown as Remote Procedure Call (...Yes). There were two of them (identical) both checked, one running and one stopped.

RPC Endpoint Mapper - not shown

Security Center and Windows Firewall both checked.

Thank you!!

[Maurice Naggar]

This is not hopeless. IF it were, I would have advised you so. You're experiencing the after-effects of the malware rogue infection.
Save the attached Zip file to your Desktop. Extract the contents of the zip file onto the Desktop. It is a registry-file to square away the XP security center service.
Do a right click on the .reg file and select MERGE.
Allow it to be merged onto your registry.
Once that is done, do a Logoff / Restart Windows XP fresh. Then bring up XP Security Center.
Advise me what it shows for the firewall status and the anti-virus status.

After this, we will be doing other tasks. We are not done yet.

[caewe12]

XP Security shows that the firewall is on and McAfee anti-virus and anti-spyware are off. Thanks. CAE

[Maurice Naggar]

Let's have you perform an online scan of this system using ESET online scanner.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

• Press the ESET Online scanner" button
  
• Check the I accept the terms box. Accept the Terms of Use and press Start button;
  
• Approve the install of the required ActiveX Control, then follow on-screen instructions;
  
• Un-check the Remove found threats option.
  
• Checkmark Scan Archives option.
  
• Click on Advanced Settings and checkmark the following
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
  
  click Scan.
  
• After the scan completes, the Details tab in the Results window will display what was found and removed.
  
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
  Look at contents of this file using Notepad or Wordpad.
  
  The Frequently Asked Questions for ESET Online Scanner can be viewed here
  http://www.eset.com/...c4.php?page=faq
  
  
  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
    
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 2
After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log. AND tell me if McAfee on this system is a licensed local antivirus from Mcafee or if it came as a freebie from your ISP, OR if it is simply the online scan tool of McAfee. I need to have you insure you have a current & up-to-date antivirus app on your system.

[caewe12]

Hi,
I ran the ESET online scanner. Please see the log below. I am assuming Spybot was off as the link's instructions were followed previously. McAfee is through my ISP. Please advise as to your thoughts/recommendations on anti-virus programs. Greatly appreciate your time. CAE


C:\Documents and Settings\Ekenbarger's\My Documents\incredimail_install.exe probably a variant of Win32/Agent.DYVNCLY trojan
C:\Documents and Settings\Ekenbarger's\My Documents\My Music\iTunes\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application
F:\My Videos\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application

[caewe12]

OOPS Forgot....I am unable to manage security settings either through the tray icon or control panel. When I try to turn on automatic updates and virus protection through the tray icon I get an error message stating "We're sorry. The Security Center could not change your automatic settings..." It suggests I go through control panel but when I do the pop ups show everything that should (or shouldn't be) checked is yet nothing changes in the Security Center. The firewall is on now. When I go to the start menu to All Programs the McAfee file it is empty as are the majority of the files listed there. Thanks. CAE

[Maurice Naggar]

This next OTL process will require a Reboot/Restart. Please allow it.

• Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  
• Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  *****************************************************************
  :processes
  killallprocesses
  
  :files
  recycler /alldrives
  C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe
  C:\Documents and Settings\All Users\Application Data\isecurity.exe
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Internet Security"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Internet Security 2012"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "wgjpPXjtqGl.exe"=-
  
  :Commands
  [purity]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  
  *****************************************************************
  
• Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  
• Close any browser(s) windows that may be open.
  
• Using your mouse, click on the red-lettered button Run Fix.
  
• Once you see a message box "Fix complete! Click OK to open the fix log."
  Click the OK button
  
• The log will open in Notepad (your default text editor).
  
• Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

[caewe12]

Hi,

Here is the log. Thank you. CAE

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully.
C:\RECYCLER folder moved successfully.
recycler not found in D:\
F:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully.
F:\RECYCLER folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\isecurity.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2012 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wgjpPXjtqGl.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ekenbarger's
->Temp folder emptied: 17746 bytes
->Temporary Internet Files folder emptied: 32905761 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 730974 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Ekenbarger's
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02132012_171011
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_1eb0.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2604.dat not found!
Registry entries deleted on Reboot...

[Maurice Naggar]

Please do this next:
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

>>>Link 1<<<







* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on Combo-Fix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

[caewe12]

Hi,

The log per your request.

ComboFix 12-02-15.01 - Ekenbarger's 02/15/2012 20:13:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1940 [GMT -5:00]
Running from: c:\documents and settings\Ekenbarger's\Desktop\Combo-Fix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ekenbarger's\My Documents\~WRL0003.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL0035.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL1702.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL1764.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL1793.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL1884.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL2298.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL2497.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL2780.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL3446.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL3580.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL3672.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL3807.tmp
c:\documents and settings\Ekenbarger's\My Documents\~WRL3842.tmp
c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check
c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Ekenbarger's\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Ekenbarger's\System
c:\documents and settings\Ekenbarger's\System\win_qs8.jqx
c:\documents and settings\Ekenbarger's\WINDOWS
c:\program files\CouponAlert_2pEI
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\program files\Shared
c:\program files\Shared\shared.sig
c:\windows\settings.reg
c:\windows\system32\bszip.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV.SYS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-12 20:12 . 2012-02-12 20:12 -------- d-----w- c:\program files\ESET
2012-02-10 01:04 . 2012-02-10 01:04 -------- d-----w- C:\_OTL
2012-02-10 00:40 . 2012-02-11 15:24 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-26 20:43 . 2011-05-06 19:29 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-30 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NapsterShell"="c:\program files\Napster\napster.exe" [2008-05-29 323216]
"HostManager"="c:\program files\Common Files\AOL\1178326658\ee\AOLSoftware.exe" [2006-09-26 50736]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178326658\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [5/21/2006 8:02 AM 34916]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 5:13 PM 1553896]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:17 AM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 12:51 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 19:03]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 12:17]
.
2012-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-02-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com\www.update
TCP: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: Coupons.com Community Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - %profile%\extensions\{37153479-1976-43c3-a1ee-557513977b64}
FF - Ext: WinZipBar Community Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - %profile%\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Bomgar Support Reconnect [1297805904] - c:\documents and settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe
HKCU-Run-Internet Security - c:\documents and settings\All Users\Application Data\isecurity.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
AddRemove-Jimmy Neutron Boy Genius - c:\program files\THQ\Jimmy Neutron\Jimmy Neutron Boy Genius\Uninst.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{83d96ed0-98aa-4515-8ddc-816f3efdd104} - c:\program files\InstallShield Installation Information\{83d96ed0-98aa-4515-8ddc-816f3efdd104}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 20:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1946173170-350803515-410004273-1006\Software\SecuROM\License information*]
"datasecu"=hex:28,72,f8,1c,a1,7f,1f,4b,21,f0,dc,17,10,16,7b,fe,96,08,a1,81,ce,
92,9d,a3,99,2a,90,e3,34,37,f3,c6,11,c1,26,63,01,7c,1c,dd,c0,e4,dc,90,37,34,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\Macromed\Flash\Flash10v.ocx
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-02-15 21:12:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 02:12
.
Pre-Run: 110,561,619,968 bytes free
Post-Run: 110,381,297,664 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4B8A44505CB55A0661A125526156A871

Thanks. CAE

[Maurice Naggar]

Combofix did a fine job of finding remaining traces of malwares: System check, internet security, & a bit of TDSS.

Step1 a bit of update housekeeping

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Step 2
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 3
Download aswMBR.exe ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4
Please read carefully and follow these steps.

• Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  
• Download TDSSKiller and save it to your Desktop.
  
• RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  
• Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  
• Then press Start Scan

When the scan is done, it will display a summary screen.

• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Re-enable your anti-virus program.